Netskope and Splunk deployment/configuration Experience
• 4-6 years of experience directly related to information technology security in a medium to large enterprise. This experience should include active participation in security programs and processes that have contributed to the development and administration of an organization-wide IT security architecture.
• Knowledge of networking and protocols such as SSL, HTTP, DNS and SMTP
• Working across teams to implement security controls throughout the company.
• Deploying POCs and Pilots as needed, working with multiple enterprise teams to obtain testers to validate assumptions and operation of controls prior to wide scale deployment.
• Ensuring proper documentation of existing configuration, procedures, and guidelines.
• Proven experience performing system administration, deployment and maintenance of security controls such as SIEM, DLP, EDR, CASB, SOAR, SSO and other security controls.
• Experience deploying, migrating to, and/or supporting cloud network security (SASE/CASB) products such as Netskope, iBoss, Zscaler or Palo Alto.
• Demonstrated experience using Splunk Search Processing Language in creating queries, setting alerts, identifying event conditions, and building dashboards
• Installing, configuring, and deploying Splunk infrastructure, to include search heads, indexers, forwarders, and other Splunk components
• Splunk account creation and role-based access control
• Monitor and maintain Splunk performance, availability, and capacity.
• Grow and improve the enterprise Splunk environment to a mature implementation by creating forwarder apps to ingest data feeds
• Develop reliable, efficient, and re-usable queries that will feed custom alerts and dashboards
• Assist users in accessing and identifying relevant audit logs, both for troubleshooting and cybersecurity compliance purposes
• Configuring dashboards to facilitate audit log analysis, and configuring rules for use cases
• Act as the Splunk liaison for Splunk technical questions, issues or escalations. This will include working with Splunk Support, Product Management or others as needed.
• Administration of the servers on which Splunk infrastructure is deployed is not a direct responsibility, but the successful candidate must be familiar enough with both Splunk and server administration to participate in server troubleshooting affecting Splunk performance.
• Must be familiar with a wide range of security technologies including, but not limited to: SIEM, CASB, IDS/IPS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, application firewalls, vulnerability scanners, LDAP, forensics software, SSO, SOAR, Privileged Access Management, security incident response and Identity Management.
• Excellent communication skills with the ability to write documents ranging from formal and informal reports to system documentation and training materials.
• The demonstrated ability to work effectively in a collaborative team environment or as an individual contributor.